Mandriva Advisories

Package name: ruby
Date: July 28th, 2006
Advisory ID: MDKSA-2006:134
Affected versions: CS3.0, 2006.0
Synopsis: Updated ruby packages fix safe-level vulnerabilities

Problem Description

A number of flaws were discovered in the safe-level restrictions in
the Ruby language. Because of these flaws, it would be possible for
an attacker to create a carefully crafted malicious script that could
allow them to bypass certain safe-level restrictions.

Updated packages have been patched to correct this issue.

Updated Packages

Corporate Server 3.0

 04ae53b4b5662872aba838c9fbd72466  corporate/3.0/RPMS/ruby-1.8.1-1.6.C30mdk.i586.rpm
 c1e94f6f01fca30ce36227b91e466f21  corporate/3.0/RPMS/ruby-devel-1.8.1-1.6.C30mdk.i586.rpm
 c5019548c2003c1da8a8aa95617c22f4  corporate/3.0/RPMS/ruby-doc-1.8.1-1.6.C30mdk.i586.rpm
 a7e171ffa0477f6da36bdf9707e163b4  corporate/3.0/RPMS/ruby-tk-1.8.1-1.6.C30mdk.i586.rpm
 fb9c099b9c479dbd284e2bcd8d07699f  corporate/3.0/SRPMS/ruby-1.8.1-1.6.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 20a7d42a40547b1bed6aac4900386537  x86_64/corporate/3.0/RPMS/ruby-1.8.1-1.6.C30mdk.x86_64.rpm
 ef6b2b513036f3f9b6f9e43bbdd83a50  x86_64/corporate/3.0/RPMS/ruby-devel-1.8.1-1.6.C30mdk.x86_64.rpm
 59a038e5c8928e6a81b57984f5260eca  x86_64/corporate/3.0/RPMS/ruby-doc-1.8.1-1.6.C30mdk.x86_64.rpm
 e613282d66e153526b1e6a23062c2e9e  x86_64/corporate/3.0/RPMS/ruby-tk-1.8.1-1.6.C30mdk.x86_64.rpm
 fb9c099b9c479dbd284e2bcd8d07699f  x86_64/corporate/3.0/SRPMS/ruby-1.8.1-1.6.C30mdk.src.rpm

Mandriva Linux 2006

 8eed80b6fcd6b41fc7c15d617732c97c  2006.0/RPMS/ruby-1.8.2-7.3.20060mdk.i586.rpm
 770370523d64d39b003943cd4363b55d  2006.0/RPMS/ruby-devel-1.8.2-7.3.20060mdk.i586.rpm
 737aad366fda8c8b75ca7b8739bc19bc  2006.0/RPMS/ruby-doc-1.8.2-7.3.20060mdk.i586.rpm
 949de9702c29ffa2519e3c9bd4866127  2006.0/RPMS/ruby-tk-1.8.2-7.3.20060mdk.i586.rpm
 37aaacc8b046ceb135833a201e229d95  2006.0/SRPMS/ruby-1.8.2-7.3.20060mdk.src.rpm

Mandriva Linux 2006/X86_64

 a84ffa78943e7e69c172a824a8804c65  x86_64/2006.0/RPMS/ruby-1.8.2-7.3.20060mdk.x86_64.rpm
 7e4e992fed64a245f8d4450b279f45e5  x86_64/2006.0/RPMS/ruby-devel-1.8.2-7.3.20060mdk.x86_64.rpm
 65a180f269c974a673beb9d35366de5e  x86_64/2006.0/RPMS/ruby-doc-1.8.2-7.3.20060mdk.x86_64.rpm
 db56c49363d539bb66d0ec9975b74c57  x86_64/2006.0/RPMS/ruby-tk-1.8.2-7.3.20060mdk.x86_64.rpm
 37aaacc8b046ceb135833a201e229d95  x86_64/2006.0/SRPMS/ruby-1.8.2-7.3.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3694

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the MD5 checksum and GPG signature are verified automatically for you.
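
For a manual upgrade, the two checks can be scripted together. The following is an added example, not part of the original advisory: it assumes the checksum lines under Updated Packages were copied into a text file, that md5sum is installed, and the function names verify_manifest and check_update are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory). Function names are hypothetical.

# verify_manifest MANIFEST DIR
#   MANIFEST holds lines copied from the advisory: "<md5>  <repo path>/<file>.rpm".
#   Files are looked up by basename in DIR; listed packages that were not
#   downloaded (other architectures, -doc, ...) are skipped.
#   Returns 0 only if at least one file was checked and none mismatched.
verify_manifest() {
    vm_checked=0 vm_bad=0
    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r vm_want vm_path || [ -n "$vm_want" ]; do
        [ -n "$vm_path" ] || continue              # blank or malformed line
        vm_name=${vm_path##*/}
        [ -f "$2/$vm_name" ] || { echo "SKIP     $vm_name"; continue; }
        vm_got=$(md5sum "$2/$vm_name" | cut -d' ' -f1)
        vm_checked=$((vm_checked + 1))
        if [ "$vm_got" = "$vm_want" ]; then
            echo "OK       $vm_name"
        else
            echo "MISMATCH $vm_name"
            vm_bad=$((vm_bad + 1))
        fi
    done < "$1"
    [ "$vm_checked" -gt 0 ] && [ "$vm_bad" -eq 0 ]
}

# check_update MANIFEST DIR
#   The MD5 list only shows that a file matches what the advisory page lists;
#   the GPG signature checked by rpm --checksig is what ties each package to
#   the Mandriva Security Team key, so both checks must pass.
check_update() {
    verify_manifest "$1" "$2" || return 1
    rpm --checksig "$2"/*.rpm
}
```

Call check_update with the manifest file and the download directory, and install only if it returns 0. The signature check needs the Mandriva Security Team public key imported into the RPM keyring first.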